>
> > Firewalling should be implemented on the hosts, perhaps with centralized
> > policy management. In such a situation, there would be no reason to filter
> > on funny IP options.
>
> That's madness. If you have to implement your firewalling on every host,
> what do you do when someone wants to run a new OS? Forbid it?
Of course. Then you find out about some new problem you want to block, so
you spend the next week reconfiguring a dozen different OS firewalling
systems. Hrm... I'll stick with a proper firewall, TYVM!
James.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/